lokibot | a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6 | Triage

Sharing

General

Target

a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6.exe
Size

736KB
Sample

210115-9kdjh3767n
MD5

5dc485bd9ea63279d7da0c0ac65775c9
SHA1

f89527ee988e0f7cbfd872e4326052d5ea778054
SHA256

a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6
SHA512

b0c32d678bd8f7fb790d406d886a1f670cac7f9a10e0912f3ecb503dbfba5c5f0cfa0026da31d383acec0e156d53af0d777debc0594919604fe6de1898b4835d

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://lmpulsefashion.net/chief/kev/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6.exe
- Size
  
  736KB
- MD5
  
  5dc485bd9ea63279d7da0c0ac65775c9
- SHA1
  
  f89527ee988e0f7cbfd872e4326052d5ea778054
- SHA256
  
  a66bb9944f1630e745b926a08a6c2b0adb81e7149bcdbc380b152dff2e7d93e6
- SHA512
  
  b0c32d678bd8f7fb790d406d886a1f670cac7f9a10e0912f3ecb503dbfba5c5f0cfa0026da31d383acec0e156d53af0d777debc0594919604fe6de1898b4835d
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan